63a10e8cf29f856c2d901dd1871ebf59_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

63a10e8cf29f856c2d901dd1871ebf59_JaffaCakes118
Size

196KB
MD5

63a10e8cf29f856c2d901dd1871ebf59
SHA1

753fe75c161a8e7f609669582a75e9afe6e4bfa0
SHA256

dfe5ebbbc5dc2b87beb3d149b8a9a80a69fa868d830ff91ffc281b32c3efb487
SHA512

497c8b300ea10bc47f35af27ab4d9fbddf4d5588345e1a96a8eae61b05e1ca22beebac036f266beccb3b39a910d9e55bc9ed38e4f1c676d23bbb150ff5d153c8
SSDEEP

3072:Au7ljz+tjKao5jjuB+gudGQ4fWYTgHDYz3W130DFj38Tv6MYBYySXC4iWLGb:p8maocdMGQ4ftEHD/yFj38Tv6jBQLG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63a10e8cf29f856c2d901dd1871ebf59_JaffaCakes118

Files

63a10e8cf29f856c2d901dd1871ebf59_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f433e7fcc51e68080022754836705744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
ExitProcess
VirtualAlloc
VirtualFree

user32

MessageBoxA

Sections

.text
Size: 134KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

8kj5359l
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hv6rim13
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

5oz..6d1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ